01
Who we are
Orang Lain is a social dining platform built and operated in Malaysia. Our mission is to make finding someone to eat with as easy as booking a Grab.
We are the data controller for all personal information collected through oranglain.com, our mobile app, and any associated services.
If you have any questions about this policy, you can reach us at hello@oranglain.com โ a real person will read and respond to your email.
02
What data we collect
We only collect what we genuinely need to run the service. Here's exactly what that is:
๐ค
Your name and photo
First name and profile photo so other users know who they're eating with. Your full name is never publicly displayed.
๐ง
Email address
Used to create your account and send you important service updates. We do not send marketing emails without your explicit consent.
๐ฑ
Phone number
Used only for account verification at signup. Stored in encrypted form โ never shown to other users, never shared with third parties. This is how we keep your identity verified without compromising your privacy.
๐
General area / location
Your work area (e.g. "Petaling Jaya") helps us show you relevant sessions nearby. We do not track your real-time GPS location.
๐ฝ๏ธ
Session activity
Sessions you've joined or hosted, ratings you've given and received. This builds your trust profile and improves your matches.
๐ผ
LinkedIn profile (optional)
If you choose to connect LinkedIn, we confirm your account exists and display a verified badge. We do not access your LinkedIn connections, messages, or activity.
What we never collect: Your home address, exact GPS coordinates, payment card details (handled directly by Stripe), private messages outside the platform, or any data from your contacts list.
03
Why we collect it
Every piece of data we collect has a specific purpose. We don't collect data "just in case" โ only what's needed to run the service properly.
๐ฏ
To run the app
Creating your account, showing you sessions near your area, connecting you with your tablemates through the in-app group chat.
๐
To keep the platform safe
Verifying real identities, building trust ratings, detecting and removing accounts that violate our community guidelines.
๐ฌ
To communicate with you
Session reminders, important account updates, and responses to your support requests. We do not send marketing emails without your permission.
๐
To improve the product
Understanding which features are used, which sessions work, and where the experience breaks down โ so we can make it better. This is always done with aggregated, anonymised data.
04
Who we share your
data with
We never sell your personal data. Full stop. Not to restaurants, not to advertisers, not to any third party for commercial purposes.
We do work with a small set of trusted infrastructure providers who help us run the service. They only receive the minimum data necessary to do their job, and they are bound by strict data processing agreements:
| Provider |
What they do |
What they receive |
| Supabase |
Database and authentication infrastructure |
Account data, session data (encrypted) |
| Stream Chat |
In-app group chat for sessions |
User ID and display name only (no phone number) |
| Netlify |
Website hosting and form collection |
Waitlist signups (name, email, area) |
| Stripe |
Premium subscription payments |
Payment details (we never see your card number) |
Restaurant partners can see aggregated, anonymised data โ for example, "15 sessions in Bangsar this week" โ but they cannot see individual user profiles, phone numbers, or personal information.
We may share data if legally required to do so by a Malaysian court order or law enforcement request. We will notify you if this happens, unless we are legally prohibited from doing so.
05
How we protect
your data
We take security seriously โ especially because we're building an app where strangers meet in person. Your data is protected by:
๐
Encryption at rest and in transit All data is encrypted in the database and transmitted over HTTPS. Nobody intercepting network traffic can read your data.
๐
Hashed phone numbers Your phone number is never stored as plain text. It is hashed (converted to a one-way encrypted string) โ even if someone accessed the database, they could not read your number.
๐ก๏ธ
Minimal data exposure We only show first names publicly. Last names, phone numbers, home locations and employer details are never displayed to other users.
๐
Regular security reviews We conduct periodic reviews of our security practices and infrastructure as the product scales.
In the event of a data breach, we are legally required under PDPA to notify affected users within 72 hours and report the incident to the relevant authority. We maintain incident response procedures for exactly this reason.
06
Your rights under PDPA
Under Malaysia's Personal Data Protection Act 2010, you have the following rights regarding your personal data:
โ
Right to Access
You can request a copy of all personal data we hold about you at any time. We will provide this within 21 days of your request.
โ
Right to Correction
You can ask us to correct any inaccurate or incomplete personal data we hold. Most profile data can be updated directly in the app.
โ
Right to Deletion
You can request full deletion of your account and personal data at any time โ directly in the app settings, or by emailing
hello@oranglain.com. Deletion is processed within 30 days.
โ
Right to Withdraw Consent
You can withdraw your consent for optional data processing (such as marketing emails) at any time. This does not affect the lawfulness of processing before withdrawal.
โ
Right to Object
You can object to certain types of processing of your data, including profiling for advertising purposes. We do not currently do this, but you have the right regardless.
โ
Right to Breach Notification
If your data is ever compromised in a security incident, we will notify you within 72 hours as required by law.
To exercise any of these rights, email us at hello@oranglain.com with the subject line "Data Request" and we will respond within 5 business days.
07
Cookies & tracking
Our website uses minimal, essential cookies only โ the kind needed to keep you logged in and remember your preferences. We do not use advertising cookies or third-party tracking pixels.
We use basic analytics (page views, session counts) to understand how the site is being used. This data is aggregated and anonymous โ we cannot identify you from it.
We do not use Google Ads, Meta Pixel, or any behavioural advertising tracking on this website.
08
Children's privacy
Orang Lain is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18.
If you believe a minor has created an account, please contact us at hello@oranglain.com and we will remove the account immediately.
09
Changes to this policy
If we make significant changes to how we handle your data, we will notify you by email and update the "last updated" date at the top of this page at least 14 days before the changes take effect.
Minor clarifications and wording updates may be made without notice. The current version of this policy is always available at oranglain.com/privacy.
10
Talk to us
Privacy questions, data requests, or just want to know more? We're a real team and we read every email.